[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Misc Developer News (#41)

The news are collected on https://wiki.debian.org/DeveloperNews
Please contribute short news about your work/plans/subproject.

In this issue:
 + New debhelper compat 10 ready for testing
 + Source packages can include upstream signatures
 + Repository makes use of `by-hash` to avoid hashsum mismatches
 + stretch-debug suite now populated
 + `init` no longer required

New debhelper compat 10 ready for testing

 As of debhelper/9.20160403, the new compat level 10 is now ready for
 widespread public testing. A few highlights:

  * The dh command will no longer use log files to track which commands
    have been run. The dh command *still* keeps track of whether it
    already ran the "build" sequence and skip it if it did.

  * The autoreconf sequence is now enabled by default. Please pass
    --without autoreconf to dh if this is not desirable for a given

  * The dh_installinit command now defaults to --restart-after-upgrade.
    For packages needing the previous behaviour, please use

 Please review the full list in "man 7 debhelper" or

  -- Niels Thykier

Source packages can include upstream signatures

 Debian source packages in the 3.0 (quilt) format can now include
 a detached OpenPGP signature of the source tarball by the upstream
 developers: just put a foo_1.2.orig.tar.xz.asc besides the
 foo_1.2.orig.tar.xz tarball and dpkg 1.18.5+ will pick up the
 signature and include it. uscan does not yet[1] place upstream
 signatures alongside the upstream tarball.

 This signature is not used by the Debian archive, but can be used
 by others to verify the integrity of the upstream source.

 Thanks to Daniel Kahn Gillmor for the suggestion and Guillem
 Jover for the implementation.

  -- Ansgar Burchardt

 [1] https://bugs.debian.org/727096

Repository makes use of `by-hash` to avoid hashsum mismatches

 For a long time updating repositories was racy: `apt update`
 could obtain a Release file, but non-matching (newer or older)
 Packages indices and would report a "Hash Sum mismatch" error.
 Re-running `apt update` at a later time would obtain a matching
 set of files.

 Recently apt gained the ability to retrieve files referenced from
 Release via a hash, for example it would request
 instead of

 This means that as long as all `by-hash` files are present before
 the new Release file is installed, apt would no longer retrieve
 non-matching sets of files. In addition the repository can
 provide an older generation of indices for clients that obtained
 the old Release file at the same time.
 Debian's archive now supports this for the `testing`, `unstable`
 and `experimental` suites, as well as for some related
 suites (`buildd-*`, `*-debug`, `testing-proposed-updates`).

 Another, less visible, change was done to help our mirroring tools.
 The files `dists/*/*Release*` were moved to `zzz-dists/*/*Release*` and
 replaced with symlinks.
 It helps rsync to sync these important files after all other indices have
 been updated, as rsync always sorts files to be transferred by name.
 This change has been implemented for the distributions mentioned above.

 One piece in APT is still missing: apt does not yet use `by-hash` for the
 pdiff Index files[2].
 This means APT might fall back to downloading the complete file instead
 of only diffs in case a non-matching pdiff Index file was retrieved.
 Many other tools will need changes as well to benefit from these archive

 Thanks to the APT developers for implementing this in apt, and to
 Julien Cristau for the implementation on the archive side in dak.

  -- Ansgar Burchardt

 [2] https://bugs.debian.org/824926

stretch-debug suite now populated

 As of May 22nd, the stretch-debug suite available in the debug archive
 contains the dbgsym (debugging symbols) packages corresponding to
 packages in stretch. It can be enabled with either of the following
 sources.list entries:

 deb http://deb.debian.org/debian-debug stretch-debug main
 deb http://deb.debian.org/debian-debug testing-debug main

  -- Julien Cristau

`init` no longer required

 Some uses of Debian, such as application containers or bootstrapping (and
 buildd chroots), do not require an init system, but prefer a minimal base
 To accommodate these a bit better, the `init` package was made no longer
 essential[3] and its priority was downgraded to "important"[4].
 This means that the `buildd` and `minbase` variants of `debootstrap` will
 no longer include `init`.

 For unstable as of 2016-06-05 this change reduced the size of binary
 packages to install from 33MB to 29MB for the `minbase` variant.

  -- Ansgar Burchardt

 [3] https://bugs.debian.org/756023
 [4] https://bugs.debian.org/824991

Attachment: signature.asc
Description: PGP signature

Reply to: